Afterroar · Privacy

Privacy Policy

Last updated: May 1, 2026

The short version

Your data belongs to you. We collect only what's needed to run the platform. You can see everything we know about you, control who accesses it, export it as JSON, and delete it anytime. We never sell your data. We never use it in ways you didn't explicitly consent to. Per the Afterroar Credo, players come first.

What we collect

• Identity: email, display name, avatar (from Google sign-in).
• Date of birth: collected once at signup to confirm you're old enough to use Afterroar and to apply age-appropriate privacy defaults. We store the date itself, not your age (which we compute as needed).
• Passport code: a unique 8-character identifier for QR scanning at stores.
• Game library: games you declare you own. Added manually or auto-added from consented purchases.
• Loyalty points: points earned at participating stores. Tracked per-store with a running balance.
• Activity history: check-ins at stores, event attendance, tournament results. Created when you actively participate.
• Consent grants: which types of communication you've opted into or out of, per category, with timestamps.
• For minor accounts (13–17): the parent or legal guardian's identifier and the date of consent. Date of birth on minor accounts is used only to compute the date the account graduates to adult privacy defaults.

Age and minors

Afterroar requires users to be at least 18, or 13–17 with active parental or legal-guardian consent. Children under 13 cannot create a Passport. We collect date of birth at signup using a neutral age screen (no defaults, no copy implying a minimum age), and we use a session cookie to prevent retry-with-different-age attempts after an under-13 entry, in line with FTC guidance under the Children's Online Privacy Protection Act.

Minor accounts (13–17) inherit the most restrictive privacy settings by default: profile visibility is limited to approved circles, direct messages from adults outside the approved circle are blocked, and public game-night discovery is restricted to events hosted by verified venues and tagged appropriate for the minor's age.

We do not collect biometric data (face geometry, voiceprints, fingerprints) from any user, regardless of age. Identity verification for adult Pro and Connect tiers is handled by our verification partner under their own terms; the partner does not return biometric identifiers to Afterroar.

How we use it

• To provide the Passport experience — showing your points, library, and history.
• To let stores you've consented to recognize you at checkout via QR scan.
• To send you communications you've explicitly opted into (and nothing else).
• To improve the platform — aggregate, anonymized analytics only. Never individual tracking.

Who can see your data

No one, unless you consent. When you scan your Passport at a store or authorize an app via “Log in with Afterroar,” that specific store or app receives only the data you approved — typically your display name, avatar, loyalty tier, and reputation score. They do not receive your email, phone number, or activity at other stores. You can revoke any store or app's access anytime at afterroar.me/settings.

Full Uproar Games, Inc. (the company that built this platform) has no privileged access to your data. They operate under the same consent rules as every other store or app. Per the Afterroar Credo: the platform is a commons, not a tollbooth.

Shopify merchants and their customers

When a store installs Afterroar Connect from the Shopify App Store, we receive a read-only OAuth token for that store's read_orders and read_customers scopes. We use this access solely to match incoming paid orders to the customer's Afterroar Passport (by email or by a Passport code the customer supplied at checkout) and to award store-specific loyalty points.

Customer personal data from Shopify webhooks (names, emails, order details) is retained in raw form for up to 30 days for idempotency and audit, then automatically stripped while we keep only a non-PII metadata row (topic, dedupe key, processing result) for 180 days. We do not store Shopify card data, shipping addresses, product catalogs, or any data we don't need to match to a Passport.

Mandatory Shopify compliance webhooks: we handle customers/data_request, customers/redact, and shop/redact. Customer redact requests are effectively no-ops on our side because we don't persist Shopify customer records — the customer's actual data lives in their own Passport, which they control. Shop redact purges all our data about that merchant within 48 hours of the request.

Merchants can disconnect Afterroar Connect from their Shopify admin at any time. On uninstall, the connection is deactivated immediately; all retained data then follows the retention schedule above.

Data retention

We keep your data as long as your Passport is active. When you delete your Passport, we delete your identity, consent grants, game library, and activity history immediately. Points ledger entries are anonymized (disassociated from your identity) for store accounting purposes. Stores running Afterroar Store Ops have their records deleted automatically. For other stores, we send a deletion request but cannot verify compliance — see “Your rights” below.

Your rights

• See your data: afterroar.me/settings shows everything we know.
• Export your data: Download as JSON anytime.
• Control your consent: Toggle each communication category on or off at settings. Changes take effect immediately.
• Delete your data: Available at /data. For stores running our POS software, deletion is automatic and verified. For other stores, we revoke their access and send a deletion request, but we cannot force external systems to purge their records — we provide their contact info so you can follow up directly.
• CCPA / GDPR: If you're a California or EU resident, you have additional rights under local privacy law. Contact afterroar@fulluproar.com with any privacy-related requests.

What we don't do

• We never sell your data.
• We never share it with advertisers.
• We never use it for behavioral targeting or cross-site tracking.
• We never give any store — including Full Uproar Games — back-door access.
• We never send you communications you didn't consent to.

Contact

For privacy questions or data requests: afterroar@fulluproar.com

Afterroar is operated by Full Uproar Games, Inc., South Bend, Indiana, USA.